exploitDog

CVE-2016-11014

Опубликовано: 16 окт. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case.

Ссылки

https://cybersecurityworks.com/zerodays/cve-2016-11014-netgear.html
Exploit
Third Party Advisory
https://github.com/cybersecurityworks/Disclosed/issues/14
Exploit
Third Party Advisory
https://khalil-shreateh.com/khalil.shtml/it-highlights/593-Netgear-1.0.0.24-Bypass---Improper-Session-Management--.html
Exploit
Third Party Advisory
https://lists.openwall.net/full-disclosure/2016/01/11/5
Exploit
Mailing List
Third Party Advisory
https://packetstormsecurity.com/files/135216/Netgear-1.0.0.24-Bypass-Improper-Session-Management.html
Exploit
Third Party Advisory
VDB Entry
https://cybersecurityworks.com/zerodays/cve-2016-11014-netgear.html
Exploit
Third Party Advisory
https://github.com/cybersecurityworks/Disclosed/issues/14
Exploit
Third Party Advisory
https://khalil-shreateh.com/khalil.shtml/it-highlights/593-Netgear-1.0.0.24-Bypass---Improper-Session-Management--.html
Exploit
Third Party Advisory
https://lists.openwall.net/full-disclosure/2016/01/11/5
Exploit
Mailing List
Third Party Advisory
https://packetstormsecurity.com/files/135216/Netgear-1.0.0.24-Bypass-Improper-Session-Management.html
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:netgear:jnr1010_firmware:*:*:*:*:*:*:*:*

Версия до 1.0.0.32 (исключая)

cpe:2.3:h:netgear:jnr1010:-:*:*:*:*:*:*:*

EPSS

Процентиль: 63%

0.00444

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-613

Связанные уязвимости

GHSA-xpqj-27x8-277f

github

больше 3 лет назад

NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case.

EPSS

Процентиль: 63%

0.00444

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-613